Hey,
> I assumed we can reuse discovery for that if we:
> - add a fallback to manual network configuration (and probably hostname
> too) when there is no dhcp
> - potentially extend the discovery image to send additional key/values that
> can be used in rules (e.g. user input)
This will work, I think the implementation would be as easy as a Shell/Ruby
script calling Whiptail or another (n)curses utility to acquire the input
in case the ISO is booted directly (not PXE-booted). All we need to
change is the syslinux configuration for the image and add a systemd
service.
> - add the ability to pull the kernel / initrd and boot it using kexec (or
> similar) - as we can't reboot to pxe.
But this one can be tough, I am not sure how stable kexec is and if it
works with Anaconda init images. Not for this reason I think it is not
a good idea to try to leverage discovery for this particular use case.
I can imagine a use case when a customer wants to use discovery on a
network without DHCP/PXE. It should be technically possible to ask the
user to enter networking information, but nothing else. No key/value
pairs or host group information, just enough for discovery to put the
host into the registry. Then operators with access to Foreman can either
interactively or non-interactively provision it.
I agree with Greg that what you describe is not a task for the discovery
image, but for the bootdisk plugin. I believe iPXE has very powerful
capabilities in terms of allowing users to enter arbitrary data,
including some key/value pairs:
http://ipxe.org/cmd/read
http://ipxe.org/cmd/choose
In regard to traceability and audit, there are multiple ways to solve
that. The easiest one is to require operators to sign in (if this is
really required):
http://ipxe.org/cmd/login
The more comfortable one is to allow operators to generate their very own
bootdisk images with a token embedded. Someone with access to Foreman
needs to generate that of course, but then no login is required which
can save some time.
In all cases, we can leverage capabilities of Foreman - template
rendering. It is possible to chainload iPXE scripts and menus once
network information is correctly confirmed.
TL;DR - I think we should evaluate how to implement this via new
bootdisk feature with the following workflow:
- operator enters network credentials
- operator enters additional key/value pairs (optional)
- operator signs in (or has an image with a security token)
- menu is chain-loaded from Foreman
- operator selects host group (or whatever is presented)
- system boots into an installer
And I also think we should implement Discovery without DHCP capability,
which should be relatively easy - enter IP/netmask/router/foreman IP and
that's it. While we could do this via iPXE as well, for discovery we
can carry on with PXELinux and ask the user during boot.
--
Later,
Lukas #lzap Zapletal
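
The TL;DR workflow above, sketched as an iPXE script. This is an added example, not part of the original message and not Foreman or bootdisk plugin code; the host `foreman.example.test`, the `/HYPOTHETICAL/menu` path, the query parameter names and the `token` setting are assumptions.

```ipxe
#!ipxe
# Added illustration of the proposed bootdisk workflow.
# Assumptions: iPXE built with HTTPS support; foreman.example.test and
# /HYPOTHETICAL/menu are placeholders; ${token} would be pre-set by a
# per-operator generated image (hypothetical setting name).

:network
echo Static network configuration (no DHCP on this segment)
echo -n IP address: && read net0/ip
echo -n Netmask: && read net0/netmask
echo -n Gateway: && read net0/gateway
echo -n DNS server: && read net0/dns
ifopen net0 || goto network

# Optional operator-supplied key/value pair for the template renderer.
echo -n Extra key (blank to skip): && read extra_key
isset ${extra_key} || goto auth
echo -n Value for ${extra_key}: && read extra_value
# uristring encoding keeps operator input from changing the URL structure.
set extra ${extra_key:uristring}=${extra_value:uristring}

:auth
# An image carrying an embedded token skips the interactive sign-in.
isset ${token} && goto token_boot ||

:signin
# login stores its result in the username and password settings.
login || goto signin
# HTTPS so that the basic-auth credentials never cross the wire in clear.
chain https://${username:uristring}:${password:uristring}@foreman.example.test/HYPOTHETICAL/menu?mac=${net0/mac:hexhyp}&${extra} || goto signin

:token_boot
# The server-rendered script chained here would present the host group
# menu (menu/item/choose) and then boot the installer.
chain https://foreman.example.test/HYPOTHETICAL/menu?token=${token:uristring}&mac=${net0/mac:hexhyp}&${extra} || goto failed

:failed
echo Could not load the menu from Foreman, dropping to the iPXE shell
shell
```

An embedded token works as a bearer credential for whoever holds the image, so issuing it per operator with an expiry keeps the audit trail that the sign-in variant provides.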